Howard,

Howard Chu wrote:

> Did any of those FIPS audits red-flag the above code snippet?

Of course not.

You seem to be mistaken about the purpose and scope of FIPS140 validation.

Only cryptographic code needs to be validated. The libnss initialization 
code is not cryptographic code, and thus doesn't need to be validated 
(and it was not).

The code that was FIPS140 validated is the libsoftokn PKCS#11 softoken, 
and its libfreebl dependency, since that's where the cryptographic 
algorithms are implemented. During our validation, only the softoken was 
validated, since that's where the cryptographic boundary was set.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
